What is ModSecurity?
ModSecurity is a Web Application Firewall: a firewall that checks access to web applications such as content management systems (WordPress, Joomla, etc.) or other applications and prevents known attacks.
The advantage of ModSecurity is that you can analyse accesses first and then define which accesses are legitimate and which have to be rejected directly.
Of course, it is impossible to define everything yourself, but there are providers that supply ready-made rules, some of them live, and can thus react directly to current threats.
For example, if a new attack on a specific content management system appears, these providers update their rules and ModSecurity can block these accesses before an infection occurs.
For Plesk users this is a good program with which you can prevent most known attacks on your application.
An external firewall such as the Cloudflare WAF works similarly, with partly the same rules, but offers the possibility to fend off attacks before they reach the server. Optimal protection would therefore be a Web Application Firewall from Cloudflare or Imperva/Incapsula, with only special rules used on the server. This saves computing power and thus speeds up the page considerably.
How to install ModSecurity in Plesk?
In the Plesk menu you can select which provider's rules you want to use. The OWASP and Atomic Basic rules are free of charge. However, these have the disadvantage that they are rarely updated, or, in the case of OWASP, that the rules are too strict, so that with WordPress, for example, problems arise and you first have to exclude all the rules that cause them.
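One way to analyse accesses before deciding which rules to exclude, as an added example that is not part of the original article: it tallies ModSecurity entries by rule ID and URI so that rules firing repeatedly on legitimate paths stand out. It assumes ModSecurity 2.x entries in the Apache error log; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ModSecurity 2.x entries in the Apache
# error log; hosts, addresses and paths are invented for this example.
SAMPLE_LOG = r'''
[client 198.51.100.10:50001] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "www.example.test"] [uri "/wp-admin/post.php"]
[client 198.51.100.11:50002] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "www.example.test"] [uri "/wp-admin/post.php"]
[client 198.51.100.10:50003] ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "www.example.test"] [uri "/wp-admin/post.php"]
[client 203.0.113.99:40000] ModSecurity: Access denied with code 403 (phase 2). [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "www.example.test"] [uri "/index.php"]
[client 198.51.100.10:50004] AH01071: Got error 'PHP message: notice'
'''

FIELD = re.compile(r'\[(id|msg|uri) "((?:[^"\\]|\\.)*)"\]')
CLIENT = re.compile(r'\[client (\S+?)(?::\d+)?\]')

def parse_entry(line):
    """Return id, uri, msg and client of a ModSecurity entry, else None."""
    if "ModSecurity:" not in line:
        return None
    entry = dict(FIELD.findall(line))
    client = CLIENT.search(line)
    if "id" not in entry or "uri" not in entry or not client:
        return None
    entry["client"] = client.group(1)
    return entry

def summarize(log_text):
    """Map (rule id, uri) to the list of clients that triggered the rule."""
    clients_by_key = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            clients_by_key[(entry["id"], entry["uri"])].append(entry["client"])
    return clients_by_key

def exclusion_candidates(log_text, min_hits=3, min_clients=2):
    """Rule/URI pairs to review first as possible false positives.

    Heuristic (an assumption of this example): a rule that fires often and
    for several different clients on one path is more likely a false positive.
    """
    return sorted(
        (rule_id, uri, len(clients), len(set(clients)))
        for (rule_id, uri), clients in summarize(log_text).items()
        if len(clients) >= min_hits and len(set(clients)) >= min_clients
    )

if __name__ == "__main__":
    for rule_id, uri, hits, clients in exclusion_candidates(SAMPLE_LOG):
        print(f"rule {rule_id} on {uri}: {hits} hits from {clients} clients")
```

The output is only a review list: each candidate still has to be checked against the request that triggered it before the rule is switched off for that path.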
There are also the inexpensive Comodo rules, which offer good protection against all threats. However, the license must always be updated.
So if you're too lazy, you can simply use the Atomic subscription rules, which provide live protection. But you have to keep in mind that "live" is not quite true, because the web server has to be reloaded, and then the 502 Bad Gateway problem occurs again.
A practical option is the Atomic Professional protection, which comes with Cloudflare in the package. Here you can easily remove the Web Application Firewall from Plesk and also switch all your domains to Cloudflare as an additional protection mechanism.
The problem here, however, is that you can only protect subdomains, so your site should only be accessible at www.ihrefirma.de and not at yourcompany.com. Alternatively, as a Cloudflare partner, you can also use the Cloudflare nameservers and thus offer complete protection.
Because the license prices of Plesk and its add-ons keep increasing unpredictably, as a provider you should perhaps think about external licensing.
There are interesting solutions directly from Atomicorp, or you can activate mod_security on the server in another way, or directly use an external protection such as Cloudflare.